Re: [suse-security] DMZ Setup is killing me!!

[Mike Branda <mike@xxxxxxxxxxxxx>]

maarten,

after alot of pain, it works!!

thank you.  you put me on the right path and it definately helped.  yes,
I was just trying a simple ping and then ssh from an offsite machine. 
After digging through the firewall debug logs.....what was holding it up
was that from the offsite machine the outbound port was 7100 or so to
inbound 22 on ssh.  well, outbound tcp,22 was enabled in FW_MASQ_NETS
for the DMZ but not ranges in the 7100 area.  It couldn't reply to the
ssh because the firewall was dropping it.  once I opened up the outbound
reply ports, it worked.  I didn't realize that ssh worked on high
outbound directed at port 22.  looks like more reading ahead.


Thanks again!!



-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here